In the latest of a series of hacks plaguing the gaming community, BioWare announced today that the Neverwinter Nights forum was successfully hacked on Tuesday and at least 18,000 user account credentials were compromised. In this case, the only information obtained were usernames and passwords: no credit card or other sensitive data was exposed, but if users use the same account ID and password on other sites, those accounts could be in jeopardy as well.

BioWare confirmed the attack, stating that it is investigating the seriousness of the breach and what data may have been lost. They’ve preliminarily determined that credit card information and other sensitive data was not included, and they don’t store information like social security numbers. Even so, BioWare admits that those 18,000 accounts include information like e-mail addresses, birth dates, and usernames/passwords for each user.

Bioware say that they’ve already notified the impacted users and strongly suggest that any users who use the same email address, ID, and password on other sites change those passwords as soon as possible.

LulzSec, who most people believe is behind the attack, actually hasn’t taken credit for it the way they have with their other notable attacks. They usually post to their Twitter stream when they’ve successfully brought down a web site or obtained login credentials for a group of users, but they’ve made no mention of the BioWare hack.

Whether that means they just don’t think it’s notable, or they just haven’t gotten around to it remains to be seen. It’s also possible the hack is someone else’s doing. BioWare even admitted in their statement on the hack that the Neverwinter Nights community servers were over a decade old, downplaying its significance. That’s likely no consolation to the users whose credentials were lost, however.

Reader Comments

Mr Wowtrousers

It’s the 24th June and the first I heard of this was an email today from Bioware. Jesus Christ. 8 Days? Before that it was Sony who took well over a week to tell me all my information has been compromised. Why should I give these companies ANY information when they cannot guarantee it will be completely and utterly compromised?